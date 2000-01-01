At RevenueCat, protecting your data—and your customers’—is core to our mission of making in‑app purchases simple and reliable for every developer. We follow industry‑leading standards, independent audits, and rigorous internal controls to earn and keep your trust.

Certifications & Frameworks

SOC 2 Type II



Our controls for security, availability, and confidentiality are audited annually by an independent CPA firm. The latest report is available under NDA upon request. GDPR & Global Privacy



RevenueCat complies with EU and UK data-protection laws, California’s CCPA/CPRA, and Brazil’s LGPD, and processes your end-user data only as a data processor under our DPA and your documented instructions.

Infrastructure Security

– Every code change passes peer review, static analysis, and CI security checks before deployment. Active cloud security monitoring – RevenueCat uses leading industry cloud security services to continuously scan and audit services, detect vulnerabilities or misconfigurations and detect anomalies and threats.





Operational Practices

– Staff complete background checks, annual security awareness training, and mandatory MFA on all company systems. Business continuity – Daily encrypted backups, redundant services, and tested disaster‑recovery plans ensure uptime and data integrity.





Responsible Disclosure

If you discover a vulnerability, please email security@revenuecat.com. We investigate and remediate all valid reports promptly and appreciate responsible researchers.

We run a hackerone bounty program to engage with security researches and encourage responsible disclosure.

Need more details?

Enterprise customers can request our SOC 2 report, completed questionnaire (e.g., CAIQ, SIG), or a copy of our Information Security Policy by contacting sales@revenuecat.com.